This application is submitted in the name of Stephan W. Gehring, assignor to Fantasma, 
Inc., a California Corporation. 



ENCRYPTION AND DECRYPTION SYSTEM FOR MULTIPLE NODE NETWORK 



1. Field of the Invention 

This invention pertains generally to methods for message encryption in multiple 
node networks. More particularly, the invention is an encryption and decryption system 
for multi-node networks which provides fast message forwarding decisions using simple 
hardware and software, wherein a forwarding node unconditionally decrypts all incoming 
messages, and then re-encrypts and forwards messages destined for other nodes. 

2. Description of the Background Art 

Network systems for data communication exchange have been evolving for the 
past several decades. Particularly, computer network systems have been developed to 
exchange information and provide resource sharing. Network systems generally comprise 
one or more nodes which are interconnected and capable of communicating. The most 
common network systems today are "wired" local area networks and wide area networks. 
Normally, nodes participating in such wired networks are physically connected to each 
other by a variety of transmission medium cabling schemes including twisted pair, coaxial 
cable, fiber optics and telephone systems including time division switches, integrated 
services digital network, and asymmetric digital subscriber line. In order to overcome the 
drawbacks associated with physical cabling, wireless data communication networks are 
increasingly used. 

In networks consisting of multiple interconnected nodes, certain nodes may act as 
relays that forward messages between nodes which cannot communicate directly, as is 
frequently the case in wireless networks. In wireless networks, the use of forwarding 
nodes is often an important consideration because the distance between and/or physical 
location of sending and receiving nodes may preclude direct communication. Typically, 
messages delivered along a multi-node network are encrypted to protect potentially 
confidential information from eavesdroppers, including forwarding or intermediate nodes 
which are not the intended destination of a message. 

FIG. 1 shows a forwarding node message routing architecture 10 as used in prior 
art systems for conditional decryption and encryption of forwarded messages. The 
architecture 10 includes a node processor or CPU 12, a primary buffer 14, a secondary 
buffer 16, a decryption engine 18 and an encryption engine 19. Upon receiving a message, 
a forwarding node must make a decision as to whether the received message is to be 
consumed internally or forwarded to another destination. In prior art systems, when a 
forwarding node receives an encrypted message via the network, the node processor 12 
must make a decision as to whether the message is for itself or if the message is to be 
forwarded to another node. If the incoming message is intended for internal consumption, 
the message is routed to the decryption engine 18, which uses a decryption key to 
decrypt the message. If the incoming message is to be forwarded to another destination, 
decryption engine 18 is bypassed and the message is streamed into the primary message 
buffer 14 to await forwarding to a different node. In the case of outgoing messages, the 
node processor 12 again must make a decision as to whether the outgoing message must 
be encrypted via encryption engine 19 according to a particular destination address, or if 
encryption is unnecessary. 

The above arrangement results in some important drawbacks. The decision by 
processor 12 whether to retain or forward a message involves substantial computational 
overhead, with address table lookups used to determine message destination. Thus, an 
additional, secondary message buffer 16 is usually employed to hold incoming message 
data while a decision is made by processor 12 regarding the destination of the message. 
Further, the need to "tag" or otherwise attribute information to outgoing messages as to 
whether or not encryption is required involves still more computational overhead. The 
need to buffer messages on the input side with a separate, secondary buffer 16, and the 
decision making as to whether or not to decrypt incoming messages and encrypt outgoing 
messages, increases the complexity of the hardware and software architectures associated 
with the forwarding node's transmitter and receiver operations, and generally slows down 
the message forwarding process across the network. 



There is accordingly a need for an encryption and decryption system for multi- 
node networks which allows rapid forwarding of messages to destination nodes, which 
avoids delays associated with encryption and decryption decisions, and which does not 
require a secondary message buffer for storage of incoming messages while decryption 
decisions are made. The present invention satisfies these needs, as well as others, and 
generally overcomes the deficiencies found in the background art. 



The invention is an encryption and decryption system and method for a multi- 
node network which provides fast message forwarding while minimizing CPU time and 
power requirements for forwarding nodes. In its most general terms, the invention is a 
method for forwarding encrypted messages in a multi-node network which comprises 
unconditional decrypting, by each node, of all incoming messages and, preferably, 
unconditional encrypting all outgoing messages by the nodes. The invention is also a 
method for encryption and decryption of messages in a multi-node network which 
comprises decrypting all incoming messages by each node before any decision is made by 
the node regarding message destination. 

By way of example, and not necessarily of limitation, the network system of the 
invention will generally include a source node, a destination node, and at least one 
forwarding node. Messages from the source node to the destination node pass through 
the forwarding node, which unconditionally decrypts the incoming message from the 
source node, and then unconditionally re-encrypts the outgoing or forwarded message to 
the destination node. 

In the forwarding of messages between nodes generally, the invention utilizes an 
encryption algorithm E with a key $K_E$ to encrypt plaintext messages P into ciphertext C, 
and a decryption algorithm D with a key $K_D$ to decrypt ciphertext C into plaintext P. 
Thus, the encrypted ciphertext C can be represented by $C = E(P, K_E)$, and the recovered 
plaintext P after decryption can be represented as $P = D(C, K_D)$. In the encryption and 
decryption system provided by the invention, the relationship 

$$P = D(E(P, K_E), K_D) = E(D(P, K_D), K_E)$$

is maintained or otherwise holds true. In some preferred embodiments of the invention, 
each node in the network system uses symmetric encryption and decryption, i.e., the 
same key is used for encryption and decryption. Where the encryption and decryption 
algorithms are symmetrical, $K_D$ and $K_E$ are the same ($K_E = K_D$). In embodiments using 
asymmetric encryption and decryption, $K_E \neq K_D$. 

In order to share and understand secure messages, the source node will use an 
encryption key $K_{E1}$ and the intended destination node in a network will use a decryption 
key $K_{D1}$, which are used respectively for encryption and decryption of messages. The 
forwarding node, however, will have its own keys $K_{E2}$, $K_{D2}$ for encryption and 
decryption which are generally different from the keys $K_{E1}$, $K_{D1}$ used by the source and 
destination nodes. The different keys $K_{E2}$, $K_{D2}$ allow the forwarding node to 
unconditionally decrypt and encrypt forwarded messages, but prevent the forwarding 
node from unauthorized access to the information or data contained in a forwarded 
message. In some embodiments of the invention, keys $K_{E1}$, $K_{D1}$ may be the same as keys 
$K_{E2}$, $K_{D2}$ respectively. 

In operation, the source node encrypts a plaintext message using encryption 
algorithm E and key $K_{E1}$ to create a ciphertext message $C_1$ via $C_1 = E(P_1, K_{E1})$, and 
transmits the ciphertext message to the forwarding node. The forwarding node 
receives and unconditionally decrypts the ciphertext message $C_1$ using decryption 
algorithm D with key $K_{D2}$ to produce a plaintext message $P_2$ which can be expressed as 
the relationship: 

$$P_2 = D(C_1, K_{D2}) = D(E(P_1, K_{E1}), K_{D2}).$$

The forwarding node then re-encrypts the plaintext $P_2$ using encryption algorithm E and 
key $K_{E2}$ to form ciphertext $C_2 = E(P_2, K_{E2})$, which results in the creation of the original 
ciphertext message $C_1$ via the relationship: 

$$C_2 = E(P_2, K_{E2}) = E(D(C_1, K_{D2}), K_{E2}) = C_1$$

The ciphertext $C_1$ is then transmitted by the forwarding node to the destination node, 
which receives and then decrypts the ciphertext message $C_1$ using decryption algorithm D 
and key $K_{D1}$ to recover the original plaintext message $P_1$ as the relationship: 

$$P_1 = D(C_1, K_{D1})$$

The above encryption and decryption procedure allows the forwarding node to 
unconditionally decrypt the ciphertext using its own key with a decryption algorithm and 
buffer the deciphered text until it is ready to transmit to the destination node. Since the 
forwarding node does not have the correct key for the ciphertext, i.e., key $K_{D2}$ is not the 
correct key for ciphertext $C_1$, the buffered text message $P_2$ is unintelligible to the 
forwarding node. The forwarding node then unconditionally encrypts the deciphered text 
$P_2$, again using its own key $K_{E2}$, to reproduce the ciphertext message $C_1$ for transmission 
to the destination node, where the ciphertext $C_1$ is decrypted again, this time using the 
correct key $K_{D1}$ to recover the original plaintext message $P_1$. 

The encryption and decryption as described above is shown as entirely 
asymmetric, with $K_{E1} \neq K_{D1}$ and $K_{E2} \neq K_{D2}$. The encryption and decryption procedure 
of the invention as related above may be entirely symmetric wherein $K_{E1} = K_{D1} = K_1$ and 
$K_{E2} = K_{D2} = K_2$. In the symmetrical case, the plaintext message as ultimately recovered 
by the destination node can be represented more simply as 

$$P_1 = D(E(D(E(P_1, K_1), K_2), K_2), K_1)$$

The unconditional decryption of all forwarded messages by the forwarding node in 
the above manner removes the time consuming decision process regarding whether or not 
an incoming message should be encrypted or decrypted according to a particular 
destination address, and eliminates the need for a secondary or input buffer for storage of 
un-decrypted messages during that decision process. The unconditional re-encryption 
avoids the need to attribute outgoing messages from the forwarding node with 
information, for the transmitter hardware, as to whether or not the outgoing message is to 
be encrypted or not. The use of a different key by the forwarding node also allows the 
forwarding node to act as a message destination without unauthorized eavesdropping by 
other nodes. 



BRIEF DESCRIPTION OF THE DRAWINGS 






EK891278527US 




FANT-P019 



The present invention will be more fully understood by reference to the following 
drawings, which are for illustrative purposes only. 

FIG. 1 is a functional block diagram of a prior art message forwarding hardware 
architecture for a node. 

FIG. 2 is a schematic diagram of a multi-node wireless network showing a source 
node, three forwarding nodes, and a destination node. 

FIG. 3 is a schematic diagram illustrating the encryption and decryption system of 
the invention. 

FIG. 4 is a functional block diagram illustrating generally the hardware embodying 
the encryption and decryption system of the invention as implemented in a forwarding 
node. 

FIG. 5 is a flow chart illustrating generally the encryption and decryption method 
of the invention using symmetric encryption and decryption. 

Referring more specifically to the drawings, for illustrative purposes the present 
invention is embodied in the system shown generally in FIG. 2 through FIG. 4, and the 
method shown generally in FIG. 5. It will be appreciated that the system may vary as to 
configuration and as to details of the parts, and that the method may vary as to details 
and the order of the steps, without departing from the basic concepts as disclosed herein. 
The invention is disclosed generally in terms of use in a wireless network of multiple 
transceiver devices. However, it will be readily apparent to those skilled in the art that 
the invention may be used in numerous types of data transmission and reception 
applications, including wired and fiberoptic communication networks, and the details and 
specificities disclosed herein are only exemplary and should not be considered limiting. It 
will also be appreciated by those skilled in the art that various functional components of 
the invention as described herein may in many instances share logic and be implemented 
within the same circuit or in different circuit configurations. 

Referring first to FIG. 2, the invention is generally embodied in a wireless network 
20 comprising a plurality of transceiver devices or nodes, which are shown as a source 
node 22, forwarding nodes 24a, 24b . . . 24n, and a destination node 26. The transmitter 
and receiver architectures of transceiver nodes 22, 24, 26 can be configured in a variety of 
ways which are well known in the art. Data is transmitted between the transceiver nodes 
22, 24, 26 of network 20 preferably in the form of packets or frames. Frames generally 
contain the data to be transmitted as well as information regarding the source and 
destination nodes. 




In the network 20 of FIG. 2, transceiver nodes 24a, b, ... n are shown positioned 
in between source node 22 and destination node 26 to act as forwarding or relaying 
nodes. There may be any number of intervening or forwarding nodes 24a-n, although 
only three are shown in FIG. 2 for reasons of clarity. As can frequently occur in wireless 
networks, source node 22 and destination node 26 may not be within suitable range of 
each other for direct data transmission, because of distance, an intervening obstacle (not 
shown) which blocks or otherwise prevents effective direct communication, or other 
reason. Source node 22 and forwarding node 24a are shown as having a shared region or 
range 28 in which effective data transmission is possible. Forwarding nodes 24a and 24b 
likewise have a shared range 29a, while forwarding nodes 24b and 24n have a shared range 
29b. Forwarding node 24n and destination node 26 are shown with a shared region or 
range 30. The various overlapping portions of ranges 28, 29a, 29b and 30 allow messages 
to be forwarded from node 22 to node 26 via the intervening nodes 24a-n, and vice versa. 

The network 20 will generally comprise additional transceiver nodes (not shown), 
with each node in the network comprising generally the same transmitter and receiver 
configuration as nodes 22-26. Thus, in network 20, multiple source nodes and multiple 
destination nodes may share a single common forwarding node in some instances, and 
multiple forwarding nodes may be required between a particular source and destination 
node. In some instances nodes 22 and 26 in network 20 may act as forwarding nodes for 
node 24a or 24n when these nodes are a message destination, or nodes 22, 26 may act as 
forwarding nodes for other nodes (not shown). The particular arrangement of the 
network 20 will generally vary according to its particular use, and the arrangement shown 
in FIG. 2 is only exemplary. 

The transceiver nodes 22, 24a-n, 26 of network 20 advantageously use a message 
forwarding method wherein all incoming encrypted messages received by each forwarding 
node 24a-n are unconditionally decrypted, using the forwarding node's decryption key, 
prior to any decision making by the forwarding node 24a-n as to whether the incoming 
message is directed to itself or to a different destination. Preferably, all messages 
transmitted or forwarded by nodes 24a-n are unconditionally encrypted or re-encrypted, 
using the forwarding node's encryption key. This message forwarding method eliminates 
the need by the forwarding nodes 24a-n for hardware and software associated with 
decision making, based on destination address, regarding whether or not incoming 
messages should be decrypted, and whether or not outgoing messages need to be 
encrypted. 

Generally, in the forwarding of messages between nodes of a network, the 
invention utilizes an encryption algorithm E with a key $K_E$ to encrypt plaintext messages 
P into ciphertext C, and a decryption algorithm D with a key $K_D$ to decrypt ciphertext C 
into plaintext P. Thus, the encrypted ciphertext C can be represented by $C = E(P, K_E)$, 
and the recovered plaintext P after decryption can be represented as $P = D(C, K_D)$. The 
encryption and decryption algorithms used in the present invention will generally satisfy 
the following relationship: 

$$P = D(E(P, K_E), K_D) = E(D(P, K_D), K_E)$$

This relationship is maintained or otherwise holds true during all encryption and 
decryption operations with the invention. 

With the above relationship in mind, reference is now made to FIG. 3, wherein the 
operation of the message forwarding of the invention over multi-node network 20 is 
shown. In FIG. 3 only a single forwarding node 24 is shown for clarity, although a larger 
number of forwarding nodes may be present as noted above. The source node 22 has an 
encryption key $K_{E1}$ used for encryption with algorithm E, while destination node 26 has a 
decryption key $K_{D1}$ used for decryption with algorithm D. Forwarding node 24 generally 
has different keys $K_{E2}$, $K_{D2}$ which are respectively used for encryption with algorithm E 
and decryption with algorithm D. 

Initially, a plaintext message $P_1$ at source node 22 is encrypted to form a 
ciphertext message $C_1$, using encryption algorithm E and key $K_{E1}$, such that ciphertext 
$C_1 = E(P_1, K_{E1})$, as shown in FIG. 3. Destination node 26 ultimately recovers and decrypts 
the plaintext message $P_1$ using decryption algorithm D and key $K_{D1}$, with recovered 
plaintext $P_1 = D(C_1, K_{D1})$ as described further below. Prior to reaching destination node 
26, ciphertext $C_1$ is transmitted to forwarding node 24 by source node 22. 

Forwarding node 24 uses the same encryption and decryption algorithms D, E as 
source and destination nodes 22, 26, but with generally different encryption and 
decryption keys $K_{E2}$, $K_{D2}$ (keys $K_{E1}$, $K_{D1}$ are not available to forwarding node 24), so 
that forwarding node 24 cannot eavesdrop on messages which it forwards between nodes 
22, 26. The ciphertext $C_1$ transmitted by source node 22 is received by forwarding node 
24 and decrypted by forwarding node 24 using decryption algorithm D and key $K_{D2}$ to 
produce plaintext $P_2$. The plaintext $P_2$, as decrypted by the forwarding node 24, can be 
represented as: 

$$P_2 = D(C_1, K_{D2}) = D(E(P_1, K_{E1}), K_{D2}).$$

Since decryption key $K_{D2}$ is the incorrect key for ciphertext $C_1$, the decrypted plaintext 
$P_2$ is not intelligible to forwarding node 24, and the information contained therein is thus 
protected from unauthorized access or use by forwarding node 24. 

Forwarding node 24 stores the decrypted plaintext message $P_2$ in a buffer until 
node 24 is ready to forward the message. The plaintext $P_2$ is then encrypted using 
encryption algorithm E and key $K_{E2}$ to again produce ciphertext $C_1$. The ciphertext $C_1$ 
resulting from the encryption of plaintext $P_2$ by forwarding node can be shown as: 

$$C_2 = E(P_2, K_{E2}) = E(D(C_1, K_{D2}), K_{E2}) = C_1$$

The ciphertext message $C_1$ is then transmitted to destination node 26. 

Destination node 26 receives the ciphertext $C_1$ transmitted from forwarding node 
24, and ciphertext $C_1$ is decrypted using the correct key $K_{D1}$ with decryption algorithm D 
to reproduce the original plaintext message $P_1$ as transmitted from source node 22. The 
original plaintext message $P_1$ as recovered by destination node 26, after forwarding, can be 
represented by: 



The above message forwarding method allows forwarding node 24 to 
unconditionally decrypt the incoming ciphertext message $C_1$ from source node 22 without 
first having to determine if the message $C_1$ is intended for forwarding node 24 itself (i.e., 
forwarding node 24 is the final destination for the message) or if the message is for 
destination node 26. This allows the processor of forwarding node 24 to buffer the 
decrypted message and delay decision making about forwarding or retaining a message 
until a convenient time. The processor thus is not forced to react to an incoming message 
immediately when it is received. 
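
The FIG. 3 exchange described above, in its symmetric form (one key $K_1$ for source and destination, one key $K_2$ for the forwarding node), as an added example that is not part of the patent text. The Feistel construction, block size, function names and key values are assumptions chosen for illustration; the scheme needs only that D accept any input under any key, which an authenticated cipher mode would not.

```python
# Added illustration, not code from the patent. A toy 4-round Feistel cipher
# (assumption) stands in for algorithms E and D: like any length-preserving
# keyed permutation it satisfies P = D(E(P, K), K) = E(D(P, K), K).
import hashlib
import hmac

BLOCK = 16              # block size in bytes (assumed for this sketch)
HALF = BLOCK // 2
ROUNDS = 4


def _f(key, rnd, half):
    """Keyed round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _block(block, key, order):
    left, right = block[:HALF], block[HALF:]
    for rnd in order:
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left     # final swap: reversed round order is the inverse


def _apply(data, key, order):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return b"".join(_block(data[i:i + BLOCK], key, order)
                    for i in range(0, len(data), BLOCK))


def E(p, k):
    """Encryption algorithm E with key k."""
    return _apply(p, k, range(ROUNDS))


def D(c, k):
    """Decryption algorithm D with key k (defined for any input, any key)."""
    return _apply(c, k, range(ROUNDS - 1, -1, -1))


def forward(c_in, k_node):
    """Forwarding node: decrypt unconditionally, buffer, re-encrypt."""
    p2 = D(c_in, k_node)            # P_2 = D(C_1, K_2), held in the buffer
    return p2, E(p2, k_node)        # C_2 = E(P_2, K_2) = C_1


def relay(p1, k1, node_keys):
    """Send p1 from source to destination through each forwarding node."""
    c1 = E(p1, k1)                  # source: C_1 = E(P_1, K_1)
    c, buffers = c1, []
    for k in node_keys:
        p2, c = forward(c, k)
        buffers.append(p2)
    return c1, c, buffers, D(c, k1)  # destination: P_1 = D(C_1, K_1)


# Constructed sample values.
P1 = b"relay test frame" * 2
K1 = b"constructed key shared by source and destination"
K2 = b"constructed key of forwarding node 24"

if __name__ == "__main__":
    c1, c_out, buffers, recovered = relay(P1, K1, [K2])
    print("ciphertext unchanged by forwarding:", c_out == c1)
    print("forwarding buffer equals P1:", buffers[0] == P1)
    print("destination recovered P1:", recovered == P1)
    # Embodiment where the forwarding node uses the same key as the endpoints:
    print("buffer equals P1 when K2 == K1:", relay(P1, K1, [K1])[2][0] == P1)
```

The last check covers the embodiment in which the forwarding node's keys equal those of the source and destination: the buffered text is then the original plaintext.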

The unconditional decryption described above also allows relatively simple 
hardware and software architectures to be used for the message forwarding process of the 
invention. Referring to FIG. 4, there is shown an encryption and decryption system 32 
in accordance with the invention as embodied in forwarding transceiver node 24. 
Encryption/decryption system 32 includes a decryption engine 34 which is operatively 
coupled to a memory buffer 36 and a receiver (not shown) associated with the transceiver 
node. Buffer 36 is operatively coupled to the node's central processing unit or CPU 38, 
and to an encryption engine 40. Encryption engine 40 is also operatively coupled to the 
node transmitter (not shown). CPU 38 may comprise any conventional data processor 
device, and buffer 36 may comprise any conventional RAM or like memory device. The 
nature of encryption and decryption engines of this sort is well known in the art and need 
not be described herein. 

Notably, the encryption and decryption system 32 of FIG. 4 does not include a 
separate input buffer 16 for storage of messages prior to decryption, as used in prior art 
systems and shown in FIG. 1. All incoming messages are decrypted by engine 34 
unconditionally prior to any decision-making as to message destination, and the 
decrypted message is directed to buffer 36 to await forwarding decisions by processor 38. 
The system 32 also does not require separate data input paths to buffer 36 for encrypted 
and un-encrypted messages, since all messages are unconditionally decrypted by engine 
34. Further, CPU 38 is not required to make any encryption decisions regarding outgoing 
messages, as all outgoing messages are unconditionally encrypted (or re-encrypted) by 
engine 40. The encryption and decryption system 32 thus is relatively simple and 
inexpensive to implement, and allows faster forwarding of encrypted messages than has 
previously been available. 

The invention also advantageously permits each transceiver node in a network to 
utilize the same encryption/decryption algorithm while preventing potential 
eavesdropping on a forwarded message, by use of different keys or ciphers where 
appropriate. Referring again to FIG. 2, it should be noted that node 24 may be a 
destination node as well as a forwarding node, with messages forwarded to node 24 by 
node 22 or 26. In such cases, the different keys $K_{E2}$, $K_{D2}$ at node 24 prevent 
eavesdropping by nodes 22 or 26 on messages forwarded to node 24, in the same manner 
as described above. 

Message forwarding encryption and decryption as shown in FIG. 3 and described 
above is asymmetric, with different, separate keys being used for encryption and 
decryption operations. It should be readily understood, however, that message 
forwarding in accordance with the invention may be carried out via symmetric encryption, 
wherein $K_{E1} = K_{D1}$ and $K_{E2} = K_{D2}$. 

The method of the invention as used with symmetric encryption and decryption 
will be more fully understood by reference to the flow chart of FIG. 5, as well as FIG. 2 
and FIG. 3. In the events of FIG. 5, a single key $K_1$ is used by source node 22 and 
destination node 26 for both encryption and decryption, such that $K_{E1} = K_{D1} = K_1$, and a 
single (but generally different) key $K_2$ is used by forwarding node 24 for encryption and 
decryption, such that $K_{E2} = K_{D2} = K_2$. While in the following example the keys $K_1$, $K_2$ 
are different, it should be understood that in some embodiments of the invention these 
keys may be the same. 

At event 100, a plaintext message $P_1$ at source node 22 is encrypted using 
encryption algorithm E and key $K_1$ to produce ciphertext message $C_1$. With symmetric 
encryption and decryption, ciphertext $C_1$ can be represented as $C_1 = E(P_1, K_1)$. 
Ciphertext $C_1$ is then transmitted to forwarding node 24. 

At event 110, ciphertext message $C_1$ is received and decrypted by forwarding node 
24 using decryption algorithm D and key $K_2$ to produce plaintext $P_2$ which, in this case 
may be shown as: 

$$P_2 = D(C_1, K_2) = D(E(P_1, K_1), K_2).$$

Plaintext $P_2$ is created via unconditional decryption, so there is no need to independently 
buffer ciphertext message $C_1$ prior to decryption, as noted above. Also, since forwarding 
node 24 has the incorrect key ($K_2$ instead of the required $K_1$) for plaintext $P_1$, the 
decrypted message is not intelligible to forwarding node 24, and forwarding node 24 
cannot make unauthorized use of data contained in plaintext message $P_2$. 

At event 120, plaintext message $P_2$ is encrypted by forwarding node 24 using 
encryption algorithm E and key $K_2$ to again produce ciphertext $C_1$, which is transmitted 
to destination node 26. The reproduced ciphertext in this instance can be shown by: 

$$C_2 = E(D(C_1, K_2), K_2) = C_1$$

At event 130, destination node 26 receives the ciphertext message $C_1$ transmitted 
by forwarding node 24 and applies encryption algorithm E with key $K_1$ to recover the 
original plaintext message $P_1$. According to the symmetrical encryption and decryption, 
the recovered plaintext $P_1$ by destination node 26 may be considered as 

$$P_1 = D(C_1, K_1)$$

Accordingly, it will be seen that this invention provides a message forwarding 
system for multi-node networks which allows fast message forwarding while minimizing 
CPU time and power requirements for forwarding nodes. Although the description above 
contains many specificities, these should not be construed as limiting the scope of the 
invention but as merely providing an illustration of the presently preferred embodiment 
of the invention. Thus the scope of this invention should be determined by the appended 
claims and their legal equivalents. 